Splunk Search
Highlighted

Retrieve configuration items from a custom python search command

Explorer

I would like to get configuration items from within a custom search python command.

I have created a setup which adds configuration items "host", "port" and "key" for making external REST calls.

The external REST calls are made via a custom search command.
I would like to use the host, port and key stored in the configuration file to form the REST endpoint URL so that the Application can be installed without users having to change my python scripts.

Tried reviewing the splunk.admin class but it isn't obvious to me how to get to the configuration properties to retrieve the data I want. (I wish I was better at python).

I know I can make a REST call back to Splunk from within the search but making REST calls to Splunk itself to get the properties via /services/properties/myapp/myappitem seems a bit wrong.

Has anyone else tried to make use of splunk.admin to retrieve stored configuration?
Is there any way to achieve this?

Highlighted

Re: Retrieve configuration items from a custom python search command

Influencer

There are multiple ways to access config items from with custom search commands. The easiest one is to use the splunk.clilib.cli_common

from splunk.clilib import cli_common as cli
...
cfg = cli.getConfStanza('myconf','mystanza')
print cfg.get('myitem')

The alternative is to actually access the configuration via REST. You can setup the search command to retrieve an auth token via STDIN when it's called by setting passauth = true in commands.conf (enableheader has to be set to true as well).

import splunk.entity, splunk.Intersplunk
...
settings = dict()
records = splunk.Intersplunk.readResults(settings = settings, has_header = True)
...
entity = splunk.entity.getEntity('/admin/conf-myconf','mystanza', namespace='myapp', sessionKey=settings['sessionKey'], owner='nobody')
print entity.get('myitem')

Retrieving the config via REST is the cleaner way IMO. It additionally gives you control over app/user namespace when reading the configuration.

View solution in original post

Highlighted

Re: Retrieve configuration items from a custom python search command

Explorer

Cheers ziegfried, nice. You rock!

Highlighted

Re: Retrieve configuration items from a custom python search command

Contributor

Thanks ziegfried, clear now.

0 Karma
Highlighted

Re: Retrieve configuration items from a custom python search command

Path Finder

Hi ziegfried, thanks for the input. How do I use the

cli.getConfStanza('myconf','mystanza')

to get the version of my custom Add-On TA?

I tried

cli.getMergedConf("app")

But this gives me the version of another app installed on my setup. How do I mention my TA's app.conf folder?

0 Karma
Highlighted

Re: Retrieve configuration items from a custom python search command

Communicator

When using the add-on builder this code works for me:

def process_event(helper, *args, **kwargs):
    service = client.Service(
            token=helper.settings.get('session_key'), 
            owner='nobody',
            app='SplunkEnterpriseSecuritySuite')
    myitem = service.confs["myconf"]["mystanza"]["myitem"]
    helper.log_info("myitem={}".format(myitem))
0 Karma